Of course it's boring, I'm not allowed to say everything I have in mind Like I've said many times, there's not reason for a "password-stealer" file to be present unless YOU install it on your own. In that case, the problem is still the same as it has ever been: you. Because humans are not perfect, and even though developers try to make their software bug-free it's impossible to do that. You should be grateful that there are security teams handling and fixing these things, because on Windows you must rely on 100 people to find bugs and that include bugs on the security software you love so much. Just recently there were discoveries of vulnerabilities on Kaspersky and a handful of security programs that allowed for remote control of the machine. By your logic you should also install a program that would protect you from Kaspersky, right? But then you'd need a program to make sure that this program protecting you from Kaspersky also won't affect you from vulnerabilities! Oh no!! You're on an endless loop! You're again disrespecting security teams like the Debian or even the grsecurity ones. I'm not even going to respond to this level of ignorance. And you think your little Sophos will protect you in case that happens? LOL, you're a freaking comedian! You see, even if this actually happened, the downloaded package digital signature (.sig) wouldn't match what the other servers and your computer know, and this would cause an alert to everyone attempting to install that package, and it would be removed quickly and the server fixed. DONE. Except you don't realise you're wrong almost EVERY SINGLE TIME All you do is spread FUD, say "what ifs" that wouldn't affect you in any way, puke false claims that you can never back up with logic or reason (only with fear and conspiracy theories). Like me and others have said: You're bringing the Windows mindset to Linux. You're wrong, you just can't admit because of your ego. So sad. A good politician, for sure I know what they're capable of. Problem is, it seems you think they have some sort of magical power, not only them but these security companies too. Almost every conspiracy stupidity you say has no way of being scientifically verified, because it simply makes no sense. Like I said on my previous post, anyone can read your threads and see how wrong you are.